The US government is willing to pay up to $5 million for information on North Korea’s hackers and their ongoing hacking operations.
The reward for reporting North Korean hackers was announced today in a joint report [PDF] published by the Departments of State, Treasury, Homeland Security, and the Federal Bureau of Investigation.
The joint report contains a summary of North Korea’s recent cyber operations and is based on a UN Security Council report published last year that details the country’s tactic of using hackers to raise funds for the Pyongyang regime, as a novel way to bypass international sanctions.
Observed tactics include:
- Attacks and thefts from banks and other financial entities
- Attacks and thefts from cryptocurrency exchanges
- Cryptojacking operations — where North Korean hackers compromise servers worldwide to mine cryptocurrency
- Various types of extortion campaigns, such as:
  - Compromising an entity’s network and threatening to shut it down unless the victim pays a ransom
  - Getting paid to hack websites on behalf of third-party clients, and then extorting the targets
  - Charging victims for “long-term paid consulting arrangements” in order to prevent future attacks
US officials say many of these attacks have targeted the financial sector, from which North Korean hackers have stolen funds in excess of $2 billion that have been laundered back into the hermit kingdom.
The US says these hacks are now posing “a significant threat to the integrity and stability of the international financial system.”
The report warns financial entities and companies in other industry verticals to bolster protections against North Korea’s hacker groups. It also links to US government resources related to DPRK cyber threats, so companies can review them and take steps to secure their IT infrastructure against known North Korean malware and hacking tactics.
The US government also issued a stern warning to companies that may be engaging with North Korean entities and might be, directly or indirectly, helping North Korean hackers launder stolen funds. Consequences include sanctions and seizure of funds and assets, officials said.
North Korea uses hackers to raise funds, bypass sanctions
Today’s joint guidance on North Korean cyber operations is just the latest in a long list of actions the US has taken to counter the Pyongyang regime’s highly active hacker groups.
In September 2019, the US Treasury imposed sanctions on three North Korean hacking groups — Lazarus, Andariel, and Bluenoroff.
In November 2019, the US Department of Justice charged a member of the Ethereum cryptocurrency project for giving a talk in North Korea about cryptocurrencies and how they could be used to avoid sanctions.
In March 2020, the US Department of Justice charged two Chinese nationals for laundering funds from two Lazarus hacks.
The US government’s joint report comes a day after North Korea fired “a barrage of cruise missiles” that hit near South Korea’s coastline ahead of the country’s upcoming parliamentary election.
The US government stated last year that North Korea has been using hackers to raise funds to finance its weapons and nuclear missile programs.
Government officials are now hoping that the joint report will help companies improve their security posture and awareness, putting a dent in Pyongyang’s hacking profits and, indirectly, in the country’s weapons program.
“It is vital for the international community, network defenders, and the public to stay vigilant and to work together to mitigate the cyber threat posed by North Korea,” US officials said.
Anyone who has helpful information to share can report it through the Department of State’s Rewards for Justice portal.